Threat Entry Updated 2024-11-21

CVE-2024-2368 - Mollie Forms Plugin

The Mollie Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.13. This is due to missing or incorrect nonce validation on the duplicateForm() function. This makes it possible for unauthenticated attackers to duplicate forms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Mollie Forms

CVE-2024-2368

MEDIUM CVSS 4.3 2024-06-05

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-01-21

CVE-2024-1645 - Mollie Forms Plugin

The Mollie Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportRegistrations function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or higher, to export payment data collected by this plugin.

PLUGIN Mollie Forms

CVE-2024-1645

MEDIUM CVSS 4.3 2024-03-11

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-02-05

CVE-2024-1400 - Mollie Forms Plugin

The Mollie Forms plugin for WordPress is vulnerable to unauthorized post or page duplication due to a missing capability check on the duplicateForm function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or higher, to duplicate arbitrary posts and pages.

PLUGIN Mollie Forms

CVE-2024-1400

MEDIUM CVSS 4.3 2024-03-11

Risk Score

Open Full Technical Breakdown